ESET Threat Blog

Archive for the 'Pierre-Marc Bureau' Category

by Pierre-Marc Bureau Senior Malware Researcher
November 16, 2010 at 11:46 am

This weekend, an unnamed worm forced Microsoft to temporarily suspend active links in Live Messenger 2009, in order to prevent the aggressive worm from spreading further. This is quite a surprising measure, because worms spreading through Instant Messaging (IM) such as Skype, Yahoo! Messenger and Microsoft Live Messenger are not new at all! For example, … Read More…

by David Harley Senior Research Fellow
November 10, 2010 at 2:55 am

Our interim analysis of a version of the malware we detect as Java/Boonana.A or Win32/Boonana.A (depending on the particular component of this multi-binary attack) differs in some characteristics from other reports we've seen.
The most dramatic difference is in the social engineering hook used in messages sent to an infected user's friends list. Other reports (including … Read More…

by David Harley Senior Research Fellow
October 13, 2010 at 2:27 pm

Another Virus Bulletin conference paper has just gone up on the ESET white papers page, by kind permission of the magazine.
Large-Scale Malware Experiments: Why, How, And So What? by Joan Calvet, Jose M. Fernandez, our own Pierre-Marc Bureau, and Jean-Yves Marion, discusses how they replicated a botnet for experimental purposes, and what use they made of … Read More…

by David Harley Senior Research Fellow
October 2, 2010 at 9:20 am

Congratulations to our friends at Virus Bulletin for yet another great conference (the 20th) in Vancouver this week. Congratulations also to our own Pierre-Marc Bureau, voted the best newcomer to the AV business at the conference.
By kind permission of Virus Bulletin, we've already put two of the papers written or co-authored by ESET researchers up … Read More…

by David Harley Senior Research Fellow
July 27, 2010 at 5:29 am

*Jove, or Jupiter, was the Roman equivalent of the Greek god Zeus, the king of the gods. Ah, the benefits of a classical education. If GCE O-Level Latin counts as a classical education…
Pierre-Marc and I reported a few days ago that we were seeing both new malware and older families starting to incorporate the same .LNK … Read More…

by Aryeh Goretsky Distinguished Researcher
August 9, 2010 at 3:08 pm

We realize there have been a lot of articles in the blog now about the Win32/Stuxnet malware and its new vector for spreading, but when vulnerabilities emerge that can be widely exploited, it is important to share information so that people can protect themselves from the threat.
Detection for Win32/Stuxnet and the shortcut (LNK) files used … Read More…

by Pierre-Marc Bureau Senior Malware Researcher
July 22, 2010 at 11:19 am

Having implemented generic detection of the CVE-2010-2568 vulnerability used to propagate the now infamous Win32/Stuxnet, ESET has identified not one but two new malware families that exploit the same vulnerability. This vulnerability allows code execution through malicious LNK (shortcut) files.
We have identified a new family that exploits this unpatched vulnerability in order to spread, which … Read More…

by David Harley Senior Research Fellow
May 13, 2010 at 4:00 am

While I was at the EICAR conference earlier this week, I also co-presented (along with Pierre-Marc Bureau and Andrew Lee) a paper on "Security, Perception and Worms in the Apple". During the presentation, I had occasion to recall how in the early 1990s I wrote a report on viruses for my boss at the time at … Read More…

by David Harley Senior Research Fellow
April 16, 2010 at 3:01 am

Further to Pierre-Marc's blog yesterday about in-the-wild exploitation of the Java Development Kit vulnerability publicised by Tavis Ormandy, David Kennedy has brought to our attention a comprehensive article on the same topic published yesterday by FireEye's Atif Mushtaq. You may remember that Atif exchanged thoughts and info with us a while ago in relation to … Read More…

by Randy Abrams
March 2, 2010 at 8:47 am

Last year (http://www.eset.com/threat-center/blog/2009/09/03/more-infections-a-lot-more-malware), we posted statistics collected through our online scanner logs. Below, you will find updated statistics on the number of infected hosts, malicious files and malware families found on infected systems.
In general, the statistics we are seeing through our online scanner logs are consistent with our observation from last September. We are … Read More…
